Principled Selective Ad Blocking with Taint-Based Exfiltration Protection Policies

Lowman, Ethan, Computer Science - School of Engineering and Applied Science, University of Virginia
Evans, David, Department of Computer Science, University of Virginia

We start from the premise that it is a legitimate business model for publishers to provide content with the expectation that readers will view advertisements. This implicit agreement, however, should not require privacy and security compromises, which many content consumers identify as a justification for aggressive ad blocking. Rather than escalate the arms race between ad blockers and publishers, we address the privacy and security issues of the advertising ecosystem. In particular, we address the risk of user data exfiltration in the browser by third-party advertising and analytics scripts. We construct a conservative exfiltration prevention policy based on taint checking. To test the feasibility of our approach, we conduct a large-scale web scan using our novel JavaScript dynamic analysis tool, which instruments embedded scripts. We find that many scripts violate our strict anti-exfiltration policy, but show how the most popular advertising and analytics scripts could be redesigned to comply with a strict security policy. This motivates a principled selective ad blocker that ensures privacy while supporting the business model of advertiser-supported content. Whereas leading selective ad blockers are based on vague usability requirements set by parties with a financial stake in which ads are whitelisted (a clear conflict of interest), our selective ad blocking policy would allow users to benefit from the security properties of ad blockers while allowing publishers to profit from privacy-preserving ads.

MS (Master of Science)